Forcing a route using pf
James Morris
jamesmorris8 at outlook.com
Sat Oct 29 10:15:03 UTC 2016
Hi,
I added the pf rule:
pass out on igb1 route-to ( igb0 10.0.0.1 ) from any to 10.10.10.100
But now when I try to reach 10.10.10.100, traffic goes out igb0 as expected, but it has the source IP of igb1.
# ping 10.10.10.100
# tshark -i igb0
Capturing on 'igb0'
1 0.000000 10.10.10.10 -> 10.10.10.100 ICMP 98 Echo (ping) request id=0xb403, seq=0/0, ttl=64
2 0.001509 RealtekU_12:35:02 -> Broadcast ARP 60 Who has 10.10.10.10? Tell 10.0.0.1
3 1.020896 10.10.10.10 -> 10.10.10.100 ICMP 98 Echo (ping) request id=0xb403, seq=1/256, ttl=64
4 1.022268 RealtekU_12:35:02 -> Broadcast ARP 60 Who has 10.10.10.10? Tell 10.0.0.1
Traffic is flowing out the correct interface, but has the wrong source IP address.
What am I doing wrong here?
Thanks,
James
From: Patrick Lamaiziere <patrick at davenulle.org>
Sent: 28 October 2016 11:21
To: James Morris
Cc: freebsd-pf at freebsd.org
Subject: Re: Forcing a route using pf
On Thu, 27 Oct 2016 19:23:38 +0000,
James Morris <jamesmorris8 at outlook.com> wrote:
Hi,
Hello,
>
> While this does solve the issue of pushing traffic through igb0,
> however any incoming connections to igb1 from server B also get shunted
> out igb0.
>
> I was wondering if there is a way to do this in pf.
See PF route-to option.
Regards,